×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Orbi WiFi 7 RBE973
Reply

Re: Micro Segmentation with Orbi RBR50

jkillean
Follower

Micro Segmentation with Orbi RBR50

Can RBR50 plus satellites be set up with micro Segmentation to isolate my SmartThings network?  If so, how? If not, is the newest ORBI better suited?  

Message 1 of 7
CrimpOn
Guru

Re: Micro Segmentation with Orbi RBR50

Honestly, after using Google to find information on "micro segmentation", I learned almost nothing.  "Better than firewalls, VLANs, Access Control Lists."  Wow!  But, what IS it?  No idea.

 

Orbi does not support internal firewall rules or internal VLANs, and has only a primitive "yes/no" access control.  I think there is zero chance that this "wonder technology" is supported by ANY residential class WiFi router.

 

If the goal is to prevent someone who compromises one IoT device from using it as a platform to attack other devices on the local network, then the Guest network appears to be the only mechanism offered on the Orbi platform (and most other residential WiFi routers).  The "Help" found at the bottom of the Orbi Guest setup screen does not exactly match the current choices, so I am not 100% certain of how Guest devices are controlled.  From reading the setup screen the choices are:

  • Guest devices can access only the Internet.  Not any other devices.  Not on the primary network.  Not on the Guest network.
  • Guest devices CAN access the primary network, Guest network, and Internet.

Thus, a device connected to Guest is pretty much "isolated".  If someone compromises an IoT device, they can attack the Internet, but not me.

 

You can ask on the Orbi WiFi 6 forum if that product has more advanced features: https://community.netgear.com/t5/Orbi-AX/bd-p/en-home-orbi-ax 

Message 2 of 7
ekhalil
Master

Re: Micro Segmentation with Orbi RBR50


@CrimpOn wrote:

.......

You can ask on the Orbi WiFi 6 forum if that product has more advanced features: https://community.netgear.com/t5/Orbi-AX/bd-p/en-home-orbi-ax 


An additional functionality in Orbi AX is that the guest network has its own subnet that is different than the subnet of the main network.

Message 3 of 7
SW_
Prodigy
Prodigy

Re: Micro Segmentation with Orbi RBR50


@ekhalil wrote:
An additional functionality in Orbi AX is that the guest network has its own subnet that is different than the subnet of the main network.

It would be nice if this feature will trickle down to non-AX Orbi in future FW update.

Message 4 of 7
nagendraprasath
Aspirant

Re: Micro Segmentation with Orbi RBR50

Good to see someone is talking about this basic feature missing in Orbii RBR50.

I see this option - "Allow guests to see each other and access my local network" in guest network settings...  Cant this be used to bring the segmentation when all LoT devices are moved to Guest network? 

Message 5 of 7
CrimpOn
Guru

Re: Micro Segmentation with Orbi RBR50

Using the Guest network for IoT devices and not allowing them to communicate with the primary network or other devices on the Guest network appears to isolate them from the primary WiFi network.  This, of course, assumes that ALL interaction with the IoT devices is through some sort of "cloud" connection.  In essence, when each IoT device is powered up and connects to WiFi, it opens a TCP connection to its "cloud".  When the user app wants to interact with the device, that communication goes through the cloud, not directly from a device on the Orbi primary network to the Orbi Guest network.

 

This would not work for me.  My IP cameras are set to FTP recordings to my  home server, which is not open to the internet.  If my cameras were on the Guest network, I could "remote" to them using their cloud connection, but would have to open an FTP port through the Orbi and use DDNS to get my recordings.  Too much bother (and  "more risk").

 

p.s. I have read more articles on "Micro Segmentation" and still do not understand anything about it, except that what the Orbi does is "not that."

Message 6 of 7
nagendraprasath
Aspirant

Re: Micro Segmentation with Orbi RBR50

Yes, that level of isolation helps keep IoT devices away from internal devices.

This way even if anyone get access to the network through any one of the IoT devices, they cant access anything beyond Guest network.

I agree a better Access control list to allow certain IP, Ports could be helpful in your case.

Message 7 of 7
Top Contributors
Discussion stats
  • 6 replies
  • 2317 views
  • 0 kudos
  • 5 in conversation
Announcements

Orbi WiFi 7